ietf

Re: A simple question

2003-04-20 11:25:59
At 01:00 PM 4/20/2003, Richard Carlson wrote:
> At 07:20 PM 4/19/03 -0400, Keith Moore wrote:
> > >   | To assign more than one address to every host means the host must have
> > >   | an intelligent means of deciding which address to use.
> > >
> > > Yes, but the amount of intelligence actually needed is pretty minimal.
> > > (It is actually harder to decide between multiple available global
> > > prefixes, than to decide between global and site local - the former is
> > > a difficult problem, the latter is almost trivial).
> >
> > disagree.  the app can choose any global prefix and reasonably expect it to
> > work,
>
> I completely disagree with this assumption. Firewalls and address filters mean that no app can make any reasonable assumption. Some addresses will work and others will fail. The app is left with no clues as to why the connection failed. Assuming it's just a link failure and retrying sometime in the future things will work is a recipe for user frustration.
>
> > modulo link failures. but when choosing between a global and a site
> > local the app needs to know whether the site local address will be valid for
> > the hosts that need to use it, and it has no way to know this.   the app may
> > also have to choose which interface to use with the site-local prefix,
> > and it has no good way to know this either.
>
> The decision process is not forced on the app/host by the existence of the site-local prefix. It is due to the emergence of firewalls and address filters. The reality is that non-global routing scopes exist today. The question is - how do we provide some feedback to apps that they are trying to cross a scope boundary that it's a permanent error condition (5xx in SMTP verbiage)? One proposed notification method is the site-local prefix. Other methods can be created, but something needs to be done and simply killing site-locals and ignoring the underlying scoping issue is a non-starter.

You mean aside from applications understanding an ICMP Destination Unreachable / Administratively Prohibited response from the site firewall?

For that matter, IPv6 machines arguably could try their Site Local address and be given that same feedback from the border router or firewall, and use the response as an indication to go use their assigned global address. It's not clear to me that the host or application need contain the intelligence (nor is there any way to determine scoping unassisted, IMO), however through use of ICMP responses it certainly should be possible to determine reachability or lack thereof. It may be useful to expand the responses routers and firewalls give to hosts within sites to help accomplish this.

We have the problem of scoped addresses whether the "site local" mechanism is retained or not. Providing guidance on the responses an application is to receive in response to scoping controls (firewalls) would be useful regardless. If this problem is worth solving for the already-common case of firewalls, solving it for site-local addressing does not seem to be too much of a stretch.
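The fallback sketched in the two paragraphs above (try the site-local address, let the firewall's ICMP Destination Unreachable / Administratively Prohibited answer tell the host it has hit a scope boundary, then use the global address) written out as client code. This is an added illustration, not code from the thread or from any of its participants. It assumes a host holding one fec0::/10 site-local and one global address, a firewall that answers blocked site-local traffic with ICMPv6 Destination Unreachable code 1 (which Linux reports to connect() as EACCES; ICMPv4 administratively-prohibited codes surface as EHOSTUNREACH or ENETUNREACH, and other kernels may map differently), and an injectable connect function so the selection logic can be exercised offline against constructed failures. The address selection, the errno classification and the "remember blocked addresses" cache are all assumptions of this example, not anything the thread specifies.

```python
"""Added example, not code from the thread: client-side address fallback that
treats the ICMP/ICMPv6 "administratively prohibited" feedback discussed above
as a permanent error and moves on to the next address instead of retrying.
Assumptions not on the page: the host has one site-local (fec0::/10) and one
global address, and the firewall answers a blocked site-local packet with
ICMPv6 Destination Unreachable code 1, which Linux reports to connect() as
EACCES (ICMPv4 admin-prohibited codes surface as EHOSTUNREACH/ENETUNREACH;
other kernels may differ). connect() is injectable so the logic runs offline."""
import errno
import os
import socket

# errno values a host derives from an ICMP "unreachable" reply: the 5xx-style
# permanent condition asked for in the thread. Retrying later will not help,
# so the caller should move on to the next candidate.
PERMANENT_ERRNOS = frozenset({
    errno.EACCES,        # ICMPv6 code 1, administratively prohibited (Linux)
    errno.EHOSTUNREACH,  # ICMPv4 codes 10/13, host prohibited / filtered
    errno.ENETUNREACH,   # ICMPv4 code 9, network prohibited, or no route
    errno.ECONNREFUSED,  # port unreachable or TCP RST: nothing listening
})


def is_site_local(addr):
    """True for the fec0::/10 site-local prefix (first ten bits 1111111011)."""
    raw = socket.inet_pton(socket.AF_INET6, addr)
    return raw[0] == 0xFE and (raw[1] & 0xC0) == 0xC0


def order_candidates(addrs):
    """Site-local first, then global: the order the thread's proposal implies,
    so that a blocked site-local attempt falls back to the global address."""
    return sorted(addrs, key=lambda a: 0 if is_site_local(a) else 1)


def real_connect(addr, port, timeout=3.0):
    """Plain blocking IPv6 TCP connect; a timeout is reported as ETIMEDOUT."""
    sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
        return sock
    except socket.timeout:
        sock.close()
        raise OSError(errno.ETIMEDOUT, "connect timed out") from None
    except OSError:
        sock.close()
        raise


class ScopedConnector:
    """Walks candidates in order and remembers which ones the network declared
    off-limits, so later connects skip them without probing again."""

    def __init__(self, connect_fn=real_connect):
        self._connect = connect_fn
        self.blocked = set()

    def connect(self, addrs, port):
        """Return (socket, trail); trail is a list of (address, outcome)."""
        last_exc = None
        trail = []
        for addr in order_candidates(addrs):
            if addr in self.blocked:
                trail.append((addr, "skipped"))
                continue
            try:
                sock = self._connect(addr, port)
            except OSError as exc:
                last_exc = exc
                if exc.errno in PERMANENT_ERRNOS:
                    self.blocked.add(addr)            # scope boundary: no retry
                    trail.append((addr, "blocked"))
                else:
                    trail.append((addr, "transient"))  # e.g. ETIMEDOUT
                continue
            trail.append((addr, "ok"))
            return sock, trail
        raise last_exc or OSError(errno.EHOSTUNREACH, "no usable address")


def make_fake_firewall(rules):
    """Constructed stand-in for connect(): rules maps address -> errno to raise,
    or None for success. Addresses absent from rules time out."""
    def connect(addr, port):
        code = rules.get(addr, errno.ETIMEDOUT)
        if code is None:
            return f"socket-to-[{addr}]:{port}"   # placeholder for a real socket
        raise OSError(code, os.strerror(code))
    return connect


# Constructed sample: a global (2001:db8::/32 documentation prefix) and a
# site-local address; the firewall answers site-local with "admin prohibited".
SAMPLE_ADDRS = ["2001:db8::10", "fec0::10"]
FIREWALL = make_fake_firewall({"fec0::10": errno.EACCES, "2001:db8::10": None})

if __name__ == "__main__":
    conn = ScopedConnector(FIREWALL)
    for _ in range(2):     # second pass skips the blocked site-local outright
        _, trail = conn.connect(SAMPLE_ADDRS, 25)
        print(" -> ".join(f"{a}:{o}" for a, o in trail))
```

The point of the `blocked` set is the distinction Richard Carlson draws: a timeout says nothing about scope and may be retried, whereas an ICMP administratively-prohibited reply is a permanent condition, so the address is never probed again within the process. Swap `FIREWALL` for the default `real_connect` to run it against a real network.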
